Ah, the wonders of
CanSecWest. The famed security conference has delivered yet again in 2009, this time bringing to light two simple
sniffing schemes that could be used to decipher typed text when keyloggers are just too noticeable. Gurus from Inverse Path were on hand to explain the approaches, one of which involved around $80 of off-the-shelf gear. In short, curious individuals could point a laser on the reflective surface of a laptop between 50 feet and 100 feet away, and then by using a "handmade laser microphone device and a photo diode to measure the vibrations, software for analyzing the spectrograms of frequencies from different keystrokes, as well as technology to apply the data to a dictionary," words could be pretty easily guessed. The second method taps into power grid signals passed along from PS/2 keyboard outputs, and by using a digital oscilloscope and an analog-digital converter, those in the know can pick out tweets from afar. Check the read link for more, and make sure you close those blinds and pick up a USB keyboard, pronto.
[Via
Slashdot]
posted Mar 27th 2009 9:01AM
thats insane!
im going to be so paranoid for now on...
*from
Well, on the plus side, using a UPS would probably stop the power-sniffing attack.
Old technology... Air Force Tempest regulations included concerns for lasers pointed at windows to pick up vibrations from voices inside... measuring vibrations with a laser and then translating the waveforms back out...
That was in a movie
i believe the US actually used that at some time while spying on another country. I believe they had a small prism or the like implanted in the window though.
I could have made that with my etch-a-sketch. Not that I still have it..
If I came up with this I would look at my options...
release the information and get posted on engadget... pretty cool.
keep the information for myself and take over the world... hmmm...
Go ahead... $100 says %99 or keystrokes are of the following strings..
"Boobs"
"Big"
"Manhood"
"Pron"
"ChunkyLuver99"
"Prime Cups"
"Jiggle"
"Twitter"
"Facebook"
"Youtube"
"Free"
......................
that's very interesting...
heh...
Hmm... if you can point a laser at the reflective surface of the laptop surely a pair of binoculars would be much more accurate in reading the text on the screen.
This will work when pointed at the back of the screen, e.g. while you are sitting at starbucks or at the airport.
Gee, I wonder if I saw the big red (or green or blue) laser dot on my laptop if I would keep typing or maybe I would duck 'cause I would think I am about to be shot? Maybe this would be viable if only blind people used laptops and they could not see the big friggin DOT?
Theories like this always annoy me because they have no applicability in the REAL WORLD!
What if the dot was on a reflective logo on the back of your screen? How often do you sit at a window with a laptop screen facing out so passersby can read your screen?
Also, if you read the article: "Using an infrared laser would prevent a victim from knowing they were being spied on"
The dot can be anywhere, that is just an illustration. The beam picks up the various vibrations when you type. that combined with a complex algorithm deciphers those vibrations and turn's it into key strokes. Also they were able to sniff them out over your own home's electrical system or did you not read the story. Shees.
Laser doesn't have to be in the visible light spectrum. If the frequency is in the UV or IR range you won't see a damn thing.
Lasers don't have to be coherent visible light, in fact the laser pickup in a CD player uses light outside the visible spectrum.
Boy, I sure hope no one uses this to find out I spend all day on Fark and Flickr.
I guess they know now, busted!
@Andir3.0
Newp just read the Engadget shrunk down version where they fail to mention infrared...
This work for a ATM keyboard?
Didn't I see this on NCIS last night?
This is two weeks old, what's wrong engadget, first time you ever went to the site HackADay? hmm wonder where ya got that idea? I wonder...
Imagine a surveillance drone being able to read keystrokes in much the way HAL-9000 was able to read astronaut's lips in the Arthur C.Clarke/Stanly Kubrick classic, "2001".
It's interesting but not as completely awesome as it sounds.
From the description it is matching its perceptions to a word library, so it is clearly a statistical attack.
That is good for lots of things but probably fails on the good stuff... like passwords which are not standard words.... which should be all passwords.
It would be interesting to know how much average variance they get and if they could use it to limit the possible variations in a given password. I mean it might be pretty useful if you could make a password with millions of possibilities into one with dozens of possibilities some good percentage of time.
Then it might actually be useful to harvest login info in a cafe or something... if nobody notices you sitting there lasing people.
As for previous laser usage to read sound resonance in objects like windows... No, that wasn't just from a movie.
Re: the at keyboard attack.... hahahahaha....
It's interesting... but I will file it along with the attack on the bosch electronic fuel injection system from my '78 VW Camper.
- mike
All this to see where you get your porn from? :wink:
Like any one is going to bring an oscilloscope and an analog-digital converter to a Star Bucks! Why not make it more obvious and just look at the screen over the persons shoulder.
Will this work on an iphone?